Securing Smart Cities in the Age of IoT and AI

Asia Pacific is embracing the smart cities transformation. Powered by technologies like IoT, cloud, and data analytics, they offer numerous transformation benefits but are also vulnerable to the evolving threat landscape. What are some of the key issues organizations must think about?

Asia Pacific is becoming a hotbed of smart cities. According to ABI Research’s Smart City Ranking, Singapore, Tokyo, Seoul, Shanghai, and Beijing are among the top ten.

IDC also studied 148 smart city projects in the region. Out of them, those that led the pack were in China, Taiwan and Singapore, followed by Thailand, Australia, New Zealand, South Korea, Hong Kong, and the Philippines. Key areas of development were smart buildings, sustainable infrastructure, transportation, public health and social services.

While the region drives smart city initiatives, organizations must be aware of the cybersecurity issues that could affect their outcomes:

#1. The threat landscape is evolving

Attacks are evolving in the region and becoming more emboldened. Top malicious activity areas include China, South Korea, and Vietnam, according to the CenturyLink 2018 Threat Report. In Singapore, the country temporarily halted Smart Nation initiatives due to a healthcare data breach. Around 87 percent of Thai companies have reported experiencing data or monetary loss due to cyber attacks. Hong Kong and Taiwan were also recently victims of ransomware. An attack hit Hong Kong’s healthcare systems, taking place over a period of two weeks, while WannaCry successfully struck the world's largest contract chipmaker in Taiwan. While cities are getting smarter, threats are also following suit.

#2. Digital capabilities like IoT have their own vulnerabilities

Smart cities are one of the main drivers of digital transformation. By 2021, approximately 60 percent of Asia Pacific’s GDP will be derived from digital products or services and will grow by 0.8 percent CAGR annually. One of the three top benefits of this evolution is smarter, safer and more efficient cities. Furthermore, the Asia Pacific region is expected to come second (US$412 billion) only to the US’s spending of US$437 billion on digital technologies in 2018. Key technologies driving this acceleration include cloud, Internet of Things (IoT), and Artificial Intelligence (AI). Organizations in Asia Pacific will be installing more sensors, cameras and other connected devices this year, spending as much as US$291.7 billion on IoT.

The region’s cloud spending will also reach US$15 billion this year. China will be the largest country market for public cloud services in 2018 with its US$5.44 billion spending which makes up about 36.1 percent of the region’s spending. Australia (US$2.85 billion) and India (US$2.12 billion) follow in the second and third places.

78 percent of organizations in Asia Pacific that have active IoT devices were once victims of cyberattacks.

But IoT, cloud, and data are opening up the “attack surface” for smart cities. In the case of IoT, there are no industry security standards, which will lead to increasing vulnerabilities. High-profile threats like Mirai and Gafgyt exploit IoT devices to create botnets for DDoS attacks. Meanwhile, the number one concern of moving to the cloud is security.

As more enterprises and organizations adopt digital capabilities and tools, IT systems become too complex, running on different architecture designs and brands of equipment, which makes it difficult to identify backdoors vulnerable to cyber attacks. Hence, a smart city not only has to work better and faster, but also safer.

#3. Massive networks across geographies lead to compliance roadblocks

While organizations tap the benefits of insights from their wealth of data, it also makes them susceptible to compliance risks. Many MNCs are setting up operations and regional headquarters in countries like Singapore, which means that their systems have to interact across different geographies. An estimated 37,400 international companies have their headquarters in the city state, including 7,000 multinational corporations (MNCs), while more than half run their Asia Pacific operations out of Singapore. In Hong Kong, there are also over 1,400 regional HQs.

Moreover, digital transformation has blurred the lines between customer, organization and third-party networks, making it hard to keep track of where data is stored, used, or consumed. Companies are also increasingly turning to third-party vendors. Over half in Asia Pacific say they want to use an IT service or telco service provider, which may mean that the data is subjected to different regulations. Key regulations that are important today include Europe’s GDPR, Singapore’s PDPA and OSPAR as well as Hong Kong’s PDPO. They govern the use of data by organizations — be it personal or financial — and organizations in smart cities cannot afford to ignore these mandates.

#4. Challenges in building a smart workforce to power smart cities

By 2020, the estimated global shortage in the cybersecurity field could reach a staggering 1.5 million. This talent gap will have serious consequences for the region’s digital initiatives. In ASEAN, the top 1,000 companies could lose US$750 billion in market capitalization, and cybersecurity concerns could affect the region’s digital transformation. Before smart cities can fully achieve their goals, they must be supported by a smart workforce. Therefore, organizations must find a way to overcome these talent shortages in order for smart cities to reach their full potential and be effectively secured.

#5. Lack of a strategic cybersecurity culture

In terms of security policies and practices, organizations in the region also lag behind. Many major exploits happened in spite of the fact that there were security patches for them before the attacks happened. This indicates a severe gap in the training and enforcement of security policies in organizations.

Employees are also considered the top source of security incidents for organizations. Meanwhile, 36 percent of organizations in Singapore do not have an employee security awareness training program and 44 percent say they do not have an incident response process. While external threats remain important, there must also be an increasing focus on the threat of insider attacks — whether they are from malicious or negligent employees. Therefore, a safe and secure smart city requires a transformative culture that focuses on cyber security.

How to rethink cybersecurity for smart cities

What’s a secure approach that can help fix these issues on the journey to smart cities? Visibility, proactivity, and customization are cornerstones of a security strategy that can help Asia Pacific’s smart cities.

Companies need greater global visibility over threats — both internal and external — that can power a more regionalized security approach. The strategy should be built on global best practices accompanied by local delivery methods. That includes having a common set of security standards that can be adapted to country-specific regulations or needs. Therefore, they require a connected security methodology that supports IT agility and today’s adaptive networks.

Collaboration and partnerships will be integral to solving these issues. When it comes to keeping ahead of threats and dealing with them, no organization can go it alone. It is extremely crucial for companies, government bodies and cybersecurity agencies to work together. In this way, organizations will have better access to talent, technologies, and methodologies that would not be available to them individually.

Culture must also be part of the security equation. In today’s threat landscape, everyone has a part to play in cybersecurity. Hence, enterprises can explore designing governance programs that ensure staff are educated on the latest best practices. Continuous training is critical, as exploits and vulnerabilities will evolve.

Securing Asia Pacific’s smart cities will not be an easy task. But by working together, different organizations can help contribute and build up the next wave of cybersecurity capability and talent to fight threats holistically and move towards a digital future confidently.

This article was first published on Enterprise Innovation on 16 October 2018.
